问题
I have a repository hosted on VSTS. That repository has a private github repository as a submodule. I have checkout submodules enabled.
...
Using the Hosted MacOS pool to run the build, it fails because it can't authenticate to github:
2018-06-26T23:06:55.8029470Z Cloning into '/Users/vsts/agent/2.134.2/work/1/s/repo'...
2018-06-26T23:06:56.2379010Z fatal: could not read Username for 'https://github.com': terminal prompts disabled
2018-06-26T23:06:56.2405350Z fatal: clone of 'https://github.com/team/repo' into submodule path '/Users/vsts/agent/2.134.2/work/1/s/repo' failed
2018-06-26T23:06:56.2419340Z Failed to clone 'repo'. Retry scheduled
2018-06-26T23:06:56.2486770Z Cloning into '/Users/vsts/agent/2.134.2/work/1/s/repo'...
2018-06-26T23:06:56.5982310Z fatal: could not read Username for 'https://github.com': terminal prompts disabled
2018-06-26T23:06:56.6006440Z fatal: clone of 'https://github.com/team/repo' into submodule path '/Users/vsts/agent/2.134.2/work/1/s/repo' failed
2018-06-26T23:06:56.6020680Z Failed to clone 'repo' a second time, aborting
There doesn't seem to be a place to put a Github personal access token if the main repository itself is not from Github.
I can workaround this by creating my own MacOS build agent, and storing the github credential in the system credential manager. Is there a way to do this without having to create my own build agent?
回答1:
Is there a way to do this without having to create my own build agent?
The build definition, section submodule mentions:
The build process will check out your Git submodules as long as they are:
Unauthenticated: A public, unauthenticated repo with no credentials required to clone or fetch.
Authenticated:
Contained in the same project, GitHub organization, or Bitbucket account as the Git repo specified above.
Added by using a URL relative to the main repository.
For example, this one would be checked out:git submodule add /../../submodule.git mymodule
This one would not be checked out:
git submodule add https://fabrikamfiber.visualstudio.com/DefaultCollection/_git/ConsoleApp mymoduleThe same credentials that are used by the agent to get the sources from the main repository are also used to get the sources for submodules.
If your main repository and submodules are in the same GitHub organization, then the token stored in the GitHub service endpoint is used to access the sources.
That last sentence does not apply to your case, hence the need for a build agent.
Or:
If you can't use the Checkout submodules option, then you can instead use a custom script with the following Git command to get the sources for submodules onto your agent.
git -c http.https://<url of submodule repository>.extraheader="AUTHORIZATION: basic ********" submodule update --init --recursive
Use a secret variable in your project or build definition to store the personal access token (PAT) that you generate in VSTS or GitHub with access to your submodules.
LOST mentions in the comments:
It pops the Git Credential Manager dialog despite the freshly renewed PAT
Solution: Instead of using PAT in place of stars, you have to put there base64Encode("PAT:PAT")
来源:https://stackoverflow.com/questions/51052720/how-to-authenticate-to-a-private-github-submodule-in-a-vsts-automated-build